Systems and methods for minimizing client computer system set-up time

ABSTRACT

Systems, methods, apparatuses and computer program products provide alternative desktop computing solutions and generally provide client devices configured to utilize one of a local common base image and a common base image stored remotely, with a user-specific overlay image remotely storing user specific data. The clients can be configured to store the common base image locally.

BACKGROUND

The subject matter presented herein generally relates to alternativedesktop computing solutions. More particularly, the subject matterrelates to centrally managed personal computer (PC) systems networked toone or more storage devices, such as a storage area network (SAN)device.

Businesses are continually concerned with cost savings and security. Inthe realm of IT costs, businesses are increasingly concerned with theneed to reduce the costs of maintaining enterprise PCs. Moreover,businesses seek safe, secure solutions that save money withoutsacrificing performance. In an effort to meet such needs, various PCmanufacturers have introduced thin client focused solutions, so calledbecause the thin client relies in some regard on one or more othercomputer systems (for example, a SAN) in order to provide traditional PCfunctionality. Among other features, a thin client focused solutionallows for central management and increased security. One such approachhas been to virtualize the clients, relying heavily on back end servers.Another approach is the Secure Managed Client (SMC) of Lenovo.

As an example of an alternative desktop-operating environment, Lenovo'sSecure Managed Client (SMC) provides centrally managed PCs. In oneimplementation, SMC utilizes a ThinkCentre® client with an INTEL® VTProcessor, iSCSI (Internet Small Computer System Interface) protocol, aco-developed software stack and Lenovo Storage Array Appliance poweredby INTEL®. Although SMC offers all the benefits and functionality of athin client solution, SMC avoids sacrificing important features such asapplication compatibility, graphics performance, the number of desktopoptions available, and the like. By leveraging centralized clientmanagement, SMC makes it easier to manage and provision users andimages, minimize total cost of ownership, et cetera. This is largely dueto the fact that SMC eliminates the need for desk side support andlowers costs, for example costs associated with installation, change,deployment and energy consumption.

The inventors have recognized, however, that there may be certainimprovements in the SMC operating environment.

BRIEF SUMMARY

An aspect provides an apparatus comprising: one or more processors; anetwork interface configured to access one or more of a base imageconfigured for a plurality of users and stored on a remote storagedevice; and, a user overlay image stored on the remote storage device;and one or more storage devices comprising computer-executable programcode, the computer executable program code being executable by the oneor more processors and comprising: computer executable program codeconfigured to access the base image; and computer executable programcode configured to proceed through a first boot of the base image;wherein the base image has been modified to not require writing one ormore common operating system files to the user overlay image.

Another aspect provides a method comprising: establishing a networkconnection between an apparatus and a remote storage device having oneor more of a base image configured for a plurality of users and a useroverlay image; accessing the base image with the apparatus; andproceeding through a first boot of the base image with the apparatus;wherein the base image has been modified to not require writing one ormore common operating system files to the user overlay image.

A further aspect provides a computer program product comprising: acomputer readable storage medium having computer executable program codeembodied therewith, the computer readable program code comprising:computer executable program code configured to establish a networkconnection between an apparatus and a remote storage device having oneor more of a base image configured for a plurality of users and a useroverlay image; computer executable program code configured to access thebase image with the apparatus; and computer executable program codeconfigured to proceed through a first boot of the base image with theapparatus; wherein the base image has been modified to not requirewriting one or more common operating system files to the user overlayimage.

The foregoing is a summary and thus may contain simplifications,generalizations, and omissions of detail; consequently, those skilled inthe art will appreciate that the summary is illustrative only and is notintended to be in any way limiting.

For a better understanding of the embodiments, together with other andfurther features and advantages thereof, reference is made to thefollowing description, taken in conjunction with the accompanyingdrawings. The scope of the invention will be pointed out in the appendedclaims.

BRIEF DESCRIPTION OF THE SEVERAL VIEWS OF THE DRAWINGS

FIG. 1 illustrates an alternative desktop operating environment.

FIG. 2 illustrates an alternative desktop operating environment.

FIGS. 3A and 3B illustrate a modified OS and client device.

FIG. 4 illustrates an example of disk provisioning.

FIGS. 5A and 5B illustrate a further example of disk provisioning.

FIG. 6 illustrates an example of base image streaming.

FIG. 7 illustrates an example of multi-partition OS migration.

FIG. 8 illustrates an example of determining boot location, fix-up anddata retrieval.

FIG. 9 illustrates a computer system.

DETAILED DESCRIPTION

It will be readily understood that the components of the embodiments, asgenerally described and illustrated in the figures herein, may bearranged and designed in a wide variety of different configurations inaddition to the described embodiments. Thus, the following more detaileddescription of the embodiments, as represented in the figures, is notintended to limit the scope of the claims, but is merely representativeof those embodiments.

Reference throughout this specification to “one embodiment” or “anembodiment” (or the like) means that a particular feature, structure, orcharacteristic described in connection with the embodiment is includedin at least one embodiment. Thus, appearances of the phrases “in oneembodiment” or “in an embodiment” or the like in various placesthroughout this specification are not necessarily all referring to thesame embodiment.

Furthermore, the described features, structures, or characteristics maybe combined in any suitable manner in one or more embodiments. In thefollowing description, numerous specific details are provided to give athorough understanding of embodiments. One skilled in the relevant artwill recognize, however, that aspects can be practiced without one ormore of the specific details, or with other methods, components,materials, et cetera. In other instances, well-known structures,materials, or operations are not shown or described in detail to avoidobfuscation.

According to various embodiments, systems, methods, apparatuses andcomputer program products provide alternative desktop computingsolutions. Client devices may be configured to utilize one of a localcommon base image and a common base image stored remotely, with auser-specific overlay image remotely storing user specific data. Theclients may be configured to store the common base image locally.

The illustrated embodiments will be best understood by reference to thefigures. The following description is intended only by way of example,and simply illustrates certain embodiments.

The operation of diskless clients used in a Secure Managed Client (SMC)operating environment are such as those described in co-pending andcommonly assigned U.S. patent application Ser. No. 11/693,515, entitled“DISKLESS CLIENT USING A HYPERVISOR”, filed Mar. 29, 2007 andincorporated by reference herein. As described therein, a hypervisor isemployed in a diskless client system to more efficiently facilitate andgreatly expand the booting capabilities of an operating system (OS).More particularly, the hypervisor preferably “traps” all disk and LANaccesses from the OS.

Expressed another way, to the extent that many OSs are normallyconfigured to write to a local hard drive during a boot, and to theextent one may wish to incorporate such an OS into a diskless system, ahypervisor in accordance with co-pending and commonly assigned U.S.patent application Ser. No. 11/693,515, entitled “DISKLESS CLIENT USINGA HYPERVISOR”, filed Mar. 29, 2007, obviates the need to expensivelyreconfigure the OS for a diskless environment in which the bootingcontext will be significantly different. Any and all translation toremote storage can be performed by the hypervisor and thus essentially“blind” to the OS.

FIG. 1 illustrates a high level SMC operating environment. SMC useshigh-performance network infrastructure connecting clients 101 a, 101 band back-end devices (for example, SAN devices 102 a, 102 b). Oneimplementation uses 1 Gigabit Ethernet switches 103 with Virtual LANs.

A manager 104 is a centralized device (server) provided for managing andmaintaining the SMC system. The manager 104 can be used for example tohandle user authentication from a client (for example, client 101 a).The client 101 a, for example, a Lenovo ThinkCentre® M58P Ultra SmallForm Factor (USFF) desktop PC with INTEL® vPro™ technology, isconfigured for DHCP dynamic address allocation and uses a DHCP server'sboot-path option to make iSCSI (Internet Small Computer SystemInterface) connections to the SAN 102 a, which will boot a common userlogon screen.

At login, the user's credentials are sent to the client connection webservice, which authenticates the user and returns the information neededto boot the client 101 a to the User OS on the SAN 102 a. Thus, thediskless client makes an iSCSI connection to SAN 102 a and boots theuser image. The manager 104 can be configured to auto-generate the iSCSIlogon information, including passwords, in the background and passinformation securely to a client 101 a. For increased security, the userdoes not need to know passwords used for low-level access to the userimage.

The SAN 102 a is a device at which a client's 101 a data is securelystored. SAN 102 a includes an INTEL® iSCSI SAN with specializedsoftware, configured with RAID disks and GB Ethernet ports. The SAN 102a can be managed and provisioned remotely through a Management Console105. The Management Console 105 can be configured to generate useraccounts and passwords used to access the SAN 102 a.

Referring now to FIG. 2, a high level example of another SMC operatingenvironment is illustrated. Like the SMC operating environmentillustrated in FIG. 1, the SMC operating environment illustrated in FIG.2 uses high-performance network infrastructure connecting clients 201 a,201 b and back-end devices (for example, SAN devices 202 a, 202 b). Oneimplementation uses 1-Gigabit Ethernet switches 203 with Virtual LANs.The manager 204 can be configured to auto-generate the iSCSI logoninformation, including passwords, in the background and pass informationsecurely to a client 201 a.

The SAN 202 a is again a device at which a client's 201 a data issecurely stored. A SAN 202 a includes an INTEL® iSCSI SAN withspecialized software, configured with RAID disks and GB Ethernet ports.The SAN 202 a can be managed and provisioned remotely through aManagement Console 205. The Management Console 205 can be configured togenerate user accounts and passwords used to access the SAN 202 a.

Unlike the SMC operating environment illustrated in FIG. 1, however, theSAN devices 202 a, 202 b in FIG. 2 include 1) a base image of a diskcontaining an operating system and 2) a user overlay image. The baseimage of the operating system is accessible to and utilized by all usersof the SAN device (for example, 202 a). Any modifications to the baseimage by individual users are implemented through the use of a useroverlay. This overlay is preferably not accessible to all users andindicates what changes a particular user has made to the base image. Forexample, this is accomplished by recording those sectors of the baseimage that contain data changed by the user. This may be through the useof a look-up table. The sector containing the changed data is alsopreferably stored in the user overlay.

A hypervisor installed in a client (for example, 201 a) loads thelook-up table containing information on those sectors of the base imagethat have been changed by the user. When information on a particularsector is called for by software running on client 201 a, the hypervisordecides whether to obtain the sector from the common base image storedon SAN 202 a or the user overlay stored on SAN 202 a.

Minimizing Set-up Time During First Boot

Conventionally, for example in the context of a diskless client, therewere multiple methods that could be used to deploy a user OS in an SMCenvironment. A standard PC image (for example, the same image used topre-load a client (for example, a Lenovo ThinkCentre® or ThinkPad®)) wasused as a template to create virtual user hard drives for each user ofthe image. The user image could be uploaded for example through aprovided utility or by mounting the user image (using an iSCSIinitiator) and then copying the user image up to the SAN 102 a.

Generally, the SMC platform supported images may be created using anumber of different methods, including using Windows® standard installCDs, using Windows® imaging tools such as System Preparation (sysprep),and Lenovo imaging tools such as ImageUltra Builder. Whatever was usedto create the user image, the user image was generalized, for example,using the general pass feature of sysprep. In such an action, specificinformation relevant to the machine used to create the user image isremoved from the system as part of the image creation process. Examplesof the type of information removed from the operating system in thegeneralization process include the name of the computer, installeddevice drivers, and the like. On the first boot of the user image fromthe SAN drive, this information would be reinserted or reinstalled intothe operating system (user overlay). Such reinstallation may bedependent upon the hardware configuration of the client (for example,101 a).

Booting of clients 101 a, 101 b could be accelerated using a bootacceleration procedure or a faster network. Conventionally, bootacceleration has been accomplished by optimizing a SAN cache. The SANcache reduced the number of disk-seeks and disk-reads needed in the bootcycle. The SAN cache worked most efficiently when most clients 101 a,101 b connected to the SAN used the same image. For instance, if most ofthe volumes on a SAN are Windows® Vista OS, but a few are Windows® XPOS, the SAN cache would be optimized for Windows® Vista OS. Each SAN hadits own cache policy to bunch similar OSs to attain the maximum bootacceleration.

When an image of the operating system is split into a common base imageand a user overlay in accordance with an embodiment (as illustrated inFIG. 2), the inventors have recognized that after the base image anduser overlay are deployed, many common OS files reside on the overlayimage. This increases the size of the overlay image and also increasesthe amount of time required for the initial or first boot of the OS, asvarious device drivers, et cetera, are installed depending upon thehardware configuration of the client (for example, 201 a). Accordingly,embodiments utilize conventional imaging tools in a non-traditionalimage creation process to accelerate booting and reduce the size of theuser overlay.

As illustrated in FIGS. 3A, 3B, to modify the OS image in such a way, anembodiment modifies image generation by leveraging existing imagegeneration tools (such as Sysprep) to reduce the number of common OSfiles that are reinstalled during first boot. This reduces the OS setuptime and increases the amount of common OS files. To speed booting,these common OS files can particularly include files that are commonlyuninstalled from the base image when the image is generalized using theimaging utility (for example, sysprep/generalize) and which are thenreinstalled during the first boot of the image installed on a clientcomputer. For example, the common OS files may include standard devicedrivers know to be included on a common client 301 a.

An example of an OS image setup is illustrated in FIG. 3B. In anembodiment, the PersistAllDeviceInstalls setting is changed to true 310using the x86_Microsoft-Windows-pnpSysprep-neutral image component. TheMicrosoft-Windows-PnpSysprep component specifies whether all Plug andPlay information persists during the generalized pass. Typically, duringthe generalized pass all device information is removed from thecomputer. If the device information is removed during the generalizedpass, the next time the computer runs Pug and Play, the devices will bere-initialized. Typically, the next time the computer boots, thespecialize pass runs, and Plug and Play runs. This ensures that when thegeneralize pass of Sysprep is run 320, common OS files are notuninstalled (are skipped) 330.

Referring back to FIG. 3A, these common OS files are then provided inthe base image 306 on the SAN 302 a. All installed common OS files (forexample, device drivers) will then not be uninstalled during thegeneralize pass, which forces these common OS files to reside in thebase image 306. This works best when clients have the same hardwareconfiguration, as is typically the case when an organization deploys anSMC computing environment.

SAN 302 a is shown with a common base image 306 and user overlay 307.Hypervisor 308 on client 301 a controls whether disk sector reads arepulled from the common base image 306 or user overlay 307. As describedherein, when changes to the base image 306 are made, the disk sector onwhich the changed data resides is stored in user overlay 307. A look uptable may also be maintained in user overlay 307, such lookup tablebeing loaded into the hypervisor upon booting. This lookup table is usedby the hypervisor to keep track of what disk sectors are stored in theuser overlay 307.

Disk Provisioning

As illustrated in FIG. 4, a client 401 a can be provisioned with a copyof the base image 406 a in a read-only local cache 408 a (for example, aflash memory device or hard disk drive (HDD)). This local copy of thebase image 408 a permits further reduction of first boot (set up) timeand decreased network traffic, as the local copy of the base image 408 acan be accessed by the client 401 a (via the hypervisor 408), ratherthan accessing the base image 406 stored on the SAN 402 a. As discussedherein, all changes made by a particular user can be stored in the useroverlay 407. It should be noted that local cache 408 a may contain localcopies of multiple base images. For example, one such base image may beof the Windows® XP OS, while a second such base image may be of theWindows® 7 OS. Alternatively, if the SMC operating environment isdeployed where various users have various builds of a base image, suchas a college or university (faculty/staff and student), one such baseimage may be a faculty/staff build while a second such base image may bea student build. In such circumstances, the local cache also includes anindication of what base images are available on the local cache. Anynumber of multiple base images may be used, limited only by hardwareconstraints (that is, image size and available disk space, as describedfurther herein). Additional items may also be placed in a local cache,such as the hypervisor boot code itself. In all such instances, thehypervisor is utilized to keep track of which base image is to beutilized by any given user.

In FIGS. 5A and 5B an example of disk provisioning is illustrated. Toset up a client with a local cache 508 a, a HDD of the client can beutilized. A local cache 508 a will generally be a local storage deviceprovisioned to include the base image (including common OS files, asdiscussed herein), overhead space, and an optional user space. Oneobstacle in provisioning clients is the fact that they can havedifferent size HDDs; thus it can be difficult for an IT administrator toensure heterogeneous clients will accept a given base image.

As illustrated in FIG. 5A, an embodiment provides methods to provision aclient's local disk for use as a local cache 508 a (with optional userstorage) without the IT administrator knowing the client's local HDDsize. Currently, to partition a disk, an IT administrator is required toknow the size of the client's HDD and the desired partition sizes. Theserequirements are particularly exacerbated when there is a heterogeneouscollection of clients (HDD sizes) managed as a single group. For exampleif an administrator is managing 100 client systems, they may containHDDs that range in size from 80 GB to 1 TB. Essentially, the ITadministrator's goal is to determine a disk layout that matches all ofthe client systems. Conventional solutions default to a percentage thatdoes not account for the minimum image size requirements.

Thus, an embodiment allows a local cache 508 a to be provisioned with abase image (and overheard), along with an optional space allocated tolocal storage of user data. When optional user space is included in thelocal cache, such user space may, for example, appear as a separate harddrive that the user may access once properly formatted, or appear as aseparate partition visible to the user. For security reasons, a localcache 508 a need only include space for a base image and overhead; thus,a minimum local cache partition size does not necessarily include theoptional user space. When no optional user space is included in thelocal cache, the base image and overhead space are on a hard drive orpartition which is not accessible to the user (that is, a hidden harddrive or hidden partition).

Referring now to FIG. 5B, an IT administrator configures a client forlocal cache by setting up a base image on the SAN 510. As in FIG. 5A,the IT administrator has the option to determine a percentage of localdisk space not used by base image and overhead, if any, to be allocatedfor user data. Once a base image has been set up on the SAN, the clientis configured by the administrator to boot from the SAN 520. Theclient's hypervisor checks the SAN to determine the size of the baseimage 530. If it is determined at 540 that the client has enough diskspace for the given base image, overhead, (and optional user data), asconfigured by the IT administrator, the client's drive is thenprovisioned by the hypervisor formatting the disk, creating partition(s)of appropriate size 550 (for example using Fdisk in the privilegeddomain of RAM disk which stores the hypervisor), and retrieving the baseimage from the SAN 560. If the client does not have sufficient space,the client may boot and run from the SAN, as per conventional disklessclient operation.

The disk can be provisioned for example by the client's hypervisorcalculating the amount of space necessary for local cache (base image),plus overhead (and optional user data, if any). This amount of space isdetermined for example by using the size of base image on the SANassigned to the user, the size of the memory allocated to the user's OS,and space needed for the boot files, plus updates (overhead). Thefollowing equation shows an example of how to calculate the requiredspace:

local cache partition size=(base image size)+2(user OS memory, that is,memory available to operating system)+(local boot files+overhead, thatis, memory required for hypervisor, et cetera)+(IT administratordetermined percentage of remaining local disk space to be used for localcache, if any).

The 2(user OS memory) term above is indicated to make room for pagefile, though other values (2.5×, et cetera) can be chosen. The localboot files correspond to SMC code. The overhead term corresponds tospace kept for updates to local boot files (allowing fall back to lastknow good configuration). The remaining local disk space may beallocated for local cache or optionally allocated for user data. Theuser space partition size is determined from the size of the memoryallocated to the user's OS. The following equation shows how tocalculate the required space:

user space partition size 2(user OS memory)+(IT administrator determinedpercentage of remaining local disk space to be used for user space, ifany).

When the base image has been downloaded from the SAN, the user can theproceed through the first boot process and, as above, all user specificdata will be stored to the SAN (unless the IT administrator has decidedto allow an area of the local disk for user data, in which case apartition (drive letter) can be available to the user). It will beunderstood that the most security conscious choice is to have 0%allocated for optional user data (forcing user specific data to theSAN). The space allocated, if any, for optional user data could haveincreased security, for example employing full disk encryption for thisarea of the drive, et cetera.

Streaming Down Base Image from SAN

An embodiment provides a method to image the local disk concurrentlywith the user running the image from the SAN. Conventionally, imagedeployment involved pre-loading at the customer site or during themanufacturing process. In most cases there is an additional end userimage customization step (first boot process) that can involve asignificant amount of time. This significant amount of time is wasted ifthe user must wait until customization completes to begin working.

Using a diskless client, when an SMC user logs in for the first time,the user's image is booted from the SAN. In the case of an SMC clienthaving a local cache, as described according to embodiments herein, theuser's base image can be booted from the SAN or from the local cache.

Nonetheless, even with a client provisioned for a local cache, the firsttime the local cache user logs in, the base image is unavailable locallybecause this requires a connection to the SAN for downloading the baseimage. Moreover, if another user logs into the same client and the otheruser's base image is different (for example, a different OS), the localcache will likewise not have the other user's base image availablelocally. Accordingly, an embodiment is configured to concurrently run aguest OS and stream down the particular user's base image from the SANto the local cache as a background task. The hypervisor provided (inmemory) has information available to it for both provisioning the disk(as described herein) and locating/streaming down the proper base imagefrom the SAN.

Turning to FIG. 6, at user log-in, a check is made 610 if the local diskhas been provisioned (as described herein). This check determines if thelocal disk has been formatted and the boot code installed. If not, thedisk will first need to be provisioned. Next, a check is made 620 todetect if the base image needs to be downloaded (that is, it isdetermined if the base image is downloaded in the local cache). Assumingthat the base image has not been downloaded, the logical unit number(LUN) that has the base image is connected to the client usinginformation from the user overlay LUN. Then, a background process isstarted 650 to download the base image from the SAN to the local cache.This process is can be set to a low priority to allow a guest OSaccessed from the SAN 640 to run smoothly. Thus, a user can continueutilizing the guest OS while the base image is streamed down from theSAN. The base image download process will automatically resume ifinterrupted (for example, the client is rebooted before the downloadcompletes). After the download completes, the base image is hashed toverify 660 it has been completely/correctly downloaded by matching thefile size and hash value to the base image on the SAN. Thereafter,subsequent user boots 670 can proceed from the local copy of the baseimage, and periodic checks can be made for updates to the downloadedbase image (by connecting to the SAN).

Migration from Native OS to SMC OS

In an alternative desktop use context, it is sometimes desirable for auser to keep his or her current (native) OS and simply migrate it up aremote device (SAN) for use. Unfortunately, certain OSs are not easy tomigrate in this way. This is particularly the case for multi-partitionOSs having interdependent partitions that tend to not be adequatelyupdated upon migration. For example, when users want to migrate anexisting multi-partition Windows® OS image such as Vista® or Windows® 7OSs, these users can have boot issues when the partitions' assigneddrive letters do not match after migration.

Today, a typical process for building a Windows® Vista® or Windows® 7 OSpre-load for a computer involves making several partitions, includingsystem and OS partitions, then installing the boot loader and OS.Finally, the device drivers are configured, as are the applications forthe new system.

In a diskless client with a virtualized HDD, the IT administrator isleft with a few choices. The IT administrator can install the OSdirectly into the remote storage of the diskless system, and configurethe OS; however, if the IT administrator wishes to migrate an existingpre-load from a system with a HDD, or if the OS has been used for awhile by an end user, the IT administrator can run into boot issues whenmigrating the image to remote storage (SAN). This is due to registry andboot configuration data (BCD) entries not pointing to the correctpartitions, even if they were faithfully copied for each partition usingan existing image deployment tool such as Ghost and Microsoft® IMAGEX.

Thus, as illustrated in FIG. 7, an embodiment provides a migration toolthat automatically migrates (copies) a user's existing multi-partitionOS up to the SAN database, checks the migrated OS for consistencyproblems, and fixes any detected problems automatically. An embodimentcopies each partition of the preloaded client HDD to the virtual disk onthe SAN for migration 710, including any partitioning and file systeminformation. Next, the system BCD and registry entries are identified720 for each mount device to determine the integrity of the bootprofile. For example, the volume information (name and value) isdetermined for all the different partitions by checking thecorresponding drive letters from HKLM\SYSTEM\MountedDevices entries. Theresults of the analysis are used to update/adjust 730 the BCD andregistry entries to point to the correct mount device. For example, thevolume information that is obtained is used to adjustHKLM\SYSTEM\MountedDevices entries for the target partitions. Also,“device” and “osdevice” entries in the BCD are adjusted to match thecorresponding target partitions. Once complete, the client system can berebooted 740 seamlessly to the virtualized (SAN) HDD, and is ready forthe end user.

By providing such a migration operation, embodiments allow theflexibility of permitting users to have access to their existing,personalized operating environments without sacrificing security orcentral manageability.

Determining Boot Location

In an iSCSI environment using a diskless client, a user's OS is normallystored on a server (SAN) rather than on a local disk, though this remoteserver location is presented to the client as if it were the local disk.In such an iSCSI environment, most clients will contain a NIC card withan iSCSI option ROM. At boot time, this option ROM contains code toconnect the client to the iSCSI server and present the iSCSI targetlocation as a local drive on the client system. The client BIOS thenboots this iSCSI drive (having a boot image) as if it were a localdrive.

According to an embodiment, a client can be provisioned with aspecialized ROM having a boot image for assisting in the boot process.The boot image stored locally will reduce the boot time (on the order oftens of seconds) because downloading a boot image from the SAN isavoided. This also reduces network traffic.

In this context, however, it is still important for the client toascertain if boot code was obtained from the SAN (remotely) or locally,as the client will have to conduct certain additional processes if theclient has booted locally. This is in part because if the client bootsfrom the SAN, the client will be provided with location informationnecessary for communicating with the SAN properly, whereas this will notoccur if the client boots locally (that is, without contacting the SAN).For example, if the client has booted locally, the client will stillneed to access the SAN (at least periodically) to determine if updatedboot image files and/or meta data is available (as described furtherherein).

Moreover, if the user's client system does not have a NIC containing aniSCSI option ROM, there is not a method to boot iSCSI directly from aSAN. Standard replication practices are generally too expensive due tothe limited resources available to BIOS at the time when the boot codeis necessary.

A method is provided to synchronize the boot code (image) on the SANwith the boot code (image) stored locally. A method to replicate theboot code locally is thus provided. This solution solves multiple issuesregarding iSCSI booting across the network. Embodiments having a localboot image allow for booting on systems without native iSCSI support(that is, without the local option ROM), avoidance of periodic longerboot times, and fail over mechanisms if the iSCSI boot server is notavailable.

Turning to FIG. 8, at boot time, a method is provided that allows adetermination of whether the client loaded boot code locally or loadedboot code remotely (via iSCSI from a SAN). This can be somewhatdifficult to accomplish due to the fact that at this time in the bootprocess, the iSCSI disk typically presents itself to the client though astandard BIOS bootstrap mechanism (for example, as an INT 13 h device),just like a local disk is presented.

To overcome this difficulty, the method checks to determine if theclient has booted from the SAN 810. For example, code is executed todetermine if there is iBFT (iSCSI Boot Firmware Table) data in the ACPI(Advanced Configuration and Power Interface) table. This providesinformation as to whether the client contacted a DHCP server andobtained SAN information. However, this initial check by itself may notbe sufficient, since the NIC may have initialized iSCSI, even if theclient has not booted from it. Accordingly, an additional check can bemade to determine if the client booted from the SAN 820. For example, acheck of the root path from the iBFT data to determine if an iSCSI SANis available can be made. Then, a match of the local device with theroot path, via the iSCSI database, is made to determine which drive(HDD) (/dev/sda, or /dev/sdb) has been used for booting. This thenprovides enough information regarding which device the client bootedfrom (that is, if the client has booted locally or from a networkattached device).

If the boot image was loaded from the SAN, the boot continues to theuser's operating system 860. If the boot image was loaded from the localdisk 830, there is a connection made to the SAN to get updated meta data(site configuration data) to determine if the local boot code is up todate. For example, a check is made if the hash value for the boot codeon the local disk matches the hash value stored on the SAN 840. If thesehash values do not match, the appropriate (updated) boot files aredownloaded from the SAN to the local disk 850, and typically the clientwill be rebooted in order to ensure the user is always using the latestboot environment.

It will be understood by those having ordinary skill in the art that theembodiments can be implemented with electronic devices havingappropriately configured circuitry, such as a desktop or laptop computersystem, and the like. A non-limiting example of a computer system isdescribed below.

The term “circuit” or “circuitry” as used herein includes all levels ofavailable integration, for example, from discrete logic circuits to thehighest level of circuit integration such as VLSI, and includesprogrammable logic components programmed to perform the functions of anembodiment as well as general-purpose or special-purpose processorsprogrammed with instructions to perform those functions.

While various other circuits or circuitry may be utilized, FIG. 9depicts a block diagram of one example of a computer system andcircuitry. The system may be a desktop computer system, such as one ofthe ThinkCentre® or ThinkPad® series of personal computers sold byLenovo (US) Inc. of Morrisville, N.C., or a workstation computer, suchas the ThinkStation®, which are sold by Lenovo (US) Inc. of Morrisville,N.C.; however, as apparent from the description herein, a client device,a server or other machine may include other features or only some of thefeatures of the system illustrated in FIG. 9.

The computer system of FIG. 9 includes a so-called chipset 110 (a groupof integrated circuits, or chips, that work together, chipsets) with anarchitecture that may vary depending on manufacturer (for example,INTEL®, AMD®, etc.). The architecture of the chipset 110 includes a coreand memory control group 120 and an I/O controller hub 150 that exchangeinformation (for example, data, signals, commands, et cetera) via adirect management interface (DMI) 142 or a link controller 144. In FIG.9, the DMI 142 is a chip-to-chip interface (sometimes referred to asbeing a link between a “northbridge” and a “southbridge”). The core andmemory control group 120 include one or more processors 122 (forexample, single or multi-core) and a memory controller hub 126 thatexchange information via a front side bus (FSB) 124; noting thatcomponents of the group 120 may be integrated in a chip that supplantsthe conventional “northbridge” style architecture.

In FIG. 9, the memory controller hub 126 interfaces with memory 140 (forexample, to provide support for a type of RAM that may be referred to as“system memory”). The memory controller hub 126 further includes a LVDSinterface 132 for a display device 192 (for example, a CRT, a flatpanel, a projector, et cetera). A block 138 includes some technologiesthat may be supported via the LVDS interface 132 (for example, serialdigital video, HDMI/DVI, display port). The memory controller hub 126also includes a PCI-express interface (PCI-E) 134 that may supportdiscrete graphics 136.

In FIG. 9, the I/O hub controller 150 includes a SATA interface 151 (forexample, for HDDs, SDDs, et cetera), a PCI-E interface 152 (for example,for wireless connections 182), a USB interface 153 (for example, forinput devices 184 such as keyboard, mice, cameras, phones, storage, etcetera.), a network interface 154 (for example, LAN), a GPIO interface155, a LPC interface 170 (for ASICs 171, a TPM 172, a super I/O 173, afirmware hub 174, BIOS support 175 as well as various types of memory176 such as ROM 177, Flash 178, and NVRAM 179), a power managementinterface 161, a clock generator interface 162, an audio interface 163(for example, for speakers 194), a TCO interface 164, a systemmanagement bus interface 165, and SPI Flash 166, which can include BIOS168 and boot code 190. The I/O hub controller 150 may include gigabitEthernet support.

The system, upon power on, may be configured to execute boot code 190for the BIOS 168, as stored within the SPI Flash 166, and thereafterprocesses data under the control of one or more operating systems andapplication software (for example, stored in system memory 140). Anoperating system may be stored in any of a variety of locations andaccessed, for example, according to instructions of the BIOS 168. Asdescribed herein, a device may include fewer or more features than shownin the system of FIG. 9.

Furthermore, embodiments may take the form of a computer program productembodied in one or more computer readable medium(s) having computerreadable program code embodied thereon.

Any combination of one or more computer readable medium(s) may beutilized. The computer readable medium may be a computer readable signalmedium or a computer readable storage medium. A computer readablestorage medium may be, for example, but not limited to, an electronic,magnetic, optical, electromagnetic, infrared, or semiconductor system,apparatus, or device, or any suitable combination of the foregoing. Morespecific examples (a non-exhaustive list) of the computer readablestorage medium would include the following: an electrical connectionhaving one or more wires, a portable computer diskette, a hard disk, arandom access memory (RAM), a read-only memory (ROM), an erasableprogrammable read-only memory (EPROM or Flash memory), an optical fiber,a portable compact disc read-only memory (CD-ROM), an optical storagedevice, a magnetic storage device, or any suitable combination of theforegoing. In the context of this document, a computer readable storagemedium may be any tangible medium that can contain, or store a programfor use by or in connection with an instruction execution system,apparatus, or device.

A computer readable signal medium may include a propagated data signalwith computer readable program code embodied therein, for example, inbaseband or as part of a carrier wave. Such a propagated signal may takeany of a variety of forms, including, but not limited to,electro-magnetic, optical, or any suitable combination thereof. Acomputer readable signal medium may be any computer readable medium thatis not a computer readable storage medium and that can communicate,propagate, or transport a program for use by or in connection with aninstruction execution system, apparatus, or device.

Program code embodied on a computer readable medium may be transmittedusing any appropriate medium, including but not limited to wireless,wireline, optical fiber cable, RF, etc., or any suitable combination ofthe foregoing.

Computer program code for carrying out operations may be written in anycombination of one or more programming languages, including an objectoriented programming language such as Java™, Smalltalk, C++ or the likeand conventional procedural programming languages, such as the “C”programming language or similar programming languages. The program codemay execute entirely on the user's computer (device), partly on theuser's computer, as a stand-alone software package, partly on the user'scomputer and partly on a remote computer or entirely on the remotecomputer or server. In the latter scenario, the remote computer may beconnected to the user's computer through any type of network, includinga local area network (LAN) or a wide area network (WAN), or theconnection may be made to an external computer (for example, through theInternet using an Internet Service Provider).

Embodiments are described herein with reference to flowchartillustrations and/or block diagrams of methods, apparatus (systems) andcomputer program products. It will be understood that each block of theflowchart illustrations and/or block diagrams, and combinations ofblocks in the flowchart illustrations and/or block diagrams, can beimplemented by computer program instructions. These computer programinstructions may be provided to a processor of a general purposecomputer, special purpose computer, or other programmable dataprocessing apparatus to produce a machine, such that the instructions,which execute via the processor of the computer or other programmabledata processing apparatus, create means for implementing thefunctions/acts specified in the flowchart and/or block diagram block orblocks.

These computer program instructions may also be stored in a computerreadable medium that can direct a computer, other programmable dataprocessing apparatus, or other devices to function in a particularmanner, such that the instructions stored in the computer readablemedium produce an article of manufacture including instructions whichimplement the function/act specified in the flowchart and/or blockdiagram block or blocks.

The computer program instructions may also be loaded onto a computer,other programmable data processing apparatus, or other devices to causea series of operational steps to be performed on the computer, otherprogrammable apparatus or other devices to produce a computerimplemented process such that the instructions which execute on thecomputer or other programmable apparatus provide processes forimplementing the functions/acts specified in the flowchart and/or blockdiagram block or blocks.

This disclosure has been presented for purposes of illustration anddescription but is not intended to be exhaustive or limiting. Manymodifications and variations will be apparent to those of ordinary skillin the art. The embodiments were chosen and described in order toexplain principles and practical application, and to enable others ofordinary skill in the art to understand the disclosure for variousembodiments with various modifications as are suited to the particularuse contemplated.

Although illustrative embodiments have been described herein withreference to the accompanying drawings, it is to be understood that theembodiments are not limited to those precise descriptions, and thatvarious other changes and modifications may be affected therein by oneskilled in the art without departing from the scope or spirit of thedisclosure.

1. An apparatus comprising: one or more processors; a network interfaceconfigured to access one or more of a base image configured for aplurality of users and stored on a remote storage device; and, a useroverlay image stored on the remote storage device; and one or morestorage devices comprising computer-executable program code, thecomputer executable program code being executable by the one or moreprocessors and comprising: computer executable program code configuredto access the base image; and computer executable program codeconfigured to proceed through a first boot of the base image; whereinthe base image has been modified to not require writing one or morecommon operating system files to the user overlay image.
 2. Theapparatus according to claim 1, wherein the base image comprises acommon operating system configured for a plurality of users.
 3. Theapparatus according to claim 1, wherein the user overlay image comprisesuser-specific data.
 4. The apparatus according to claim 1, wherein thecomputer readable program code further comprises a hypervisor.
 5. Theapparatus according to claim 4, wherein the hypervisor is configured toestablish a virtualization layer that presents the remote storage deviceas a local drive.
 6. The apparatus according to claim 5, furthercomprising a local cache.
 7. The apparatus according to claim 6, whereinthe local cache comprises a copy of the base image.
 8. The apparatusaccording to claim 7, wherein the hypervisor is configured to redirectread actions of the apparatus to one or more of the copy of the baseimage or the user overlay image.
 9. The apparatus according to claim 8,wherein the hypervisor is further configured to redirect all writeactions to the user overlay image.
 10. A method comprising: establishinga network connection between an apparatus and a remote storage devicehaving one or more of a base image configured for a plurality of usersand a user overlay image; accessing the base image with the apparatus;and proceeding through a first boot of the base image with theapparatus; wherein the base image has been modified to not requirewriting one or more common operating system files to the user overlayimage.
 11. The method according to claim 10, wherein the base imagecomprises a common operating system configured for a plurality of users.12. The method according to claim 10, wherein the user overlay imagecomprises user-specific data.
 13. The method according to claim 10,further comprising loading a hypervisor at the apparatus.
 14. The methodaccording to claim 13, wherein the hypervisor is configured to establisha virtualization layer that presents the remote storage device as alocal drive of the apparatus.
 15. The method according to claim 10,further comprising configuring a local cache of the apparatus.
 16. Themethod according to claim 15, wherein the local cache comprises a copyof the base image.
 17. The method according to claim 16, wherein thehypervisor is configured to redirect read actions of the apparatus toone or more of the copy of the base image or the user overlay image. 18.The method according to claim 17, wherein the hypervisor is furtherconfigured to redirect all write actions to the user overlay image. 19.The method according to claim 15, wherein the local cache comprises alocal hard disk of the apparatus.
 20. A computer program productcomprising: a computer readable storage medium having computerexecutable program code embodied therewith, the computer readableprogram code comprising: computer executable program code configured toestablish a network connection between an apparatus and a remote storagedevice having one or more of a base image configured for a plurality ofusers and a user overlay image; computer executable program codeconfigured to access the base image with the apparatus; and computerexecutable program code configured to proceed through a first boot ofthe base image with the apparatus; wherein the base image has beenmodified to not require writing one or more common operating systemfiles to the user overlay image.